Vulnerability Identifier: CVE-2020-11022
Published: 2020-04-29
Severity Assessment: 6.9 MEDIUM (CVSS v3.x Score)
Clinical Analysis (Description)

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Vector Sequencing

Attack Parameters

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required

Impact Consequences

Technical Impact

Scope: Changed
Confidentiality: High
Integrity: Low
Availability: None

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
CVSS v2 Score (Legacy): 4.3 (for backward compatibility)

EPSS Probability: 3.54% (Percentile: 87.7%)

Weakness Classification

CWE-79

Affected Population

Affected Configurations

Total: 348 detected entries

jquery (Vendor: jquery • v1.5)
policy_automation (Vendor: oracle • v12.2.10)
financial_services_institutional_performance_analytics (Vendor: oracle • v8.1.0)
communications_eagle_application_processor (Vendor: oracle • v16.1.0)
hospitality_simphony (Vendor: oracle • v19.1.0)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.6.0.0)
jquery (Vendor: jquery • v1.4.1)
drupal (Vendor: drupal • v7.53)
retail_customer_management_and_segmentation_foundation (Vendor: oracle • v19.0)
financial_services_loan_loss_forecasting_and_provisioning (Vendor: oracle • v8.0.8)
jquery (Vendor: jquery • v1.12.0)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.1.0)
drupal (Vendor: drupal • v7.38)
jquery (Vendor: jquery • v3.3.0)
jquery (Vendor: jquery • v1.12.4)
drupal (Vendor: drupal • v7.26)
drupal (Vendor: drupal • v8.7.0)
policy_automation (Vendor: oracle • v12.2.11)
log_correlation_engine (Vendor: tenable • v4.8.2)
financial_services_basel_regulatory_capital_internal_ratings_based_approach (Vendor: oracle • v8.0.6)
jquery (Vendor: jquery • v1.2.3)
jquery (Vendor: jquery • v2.1.3)
oncommand_system_manager (Vendor: netapp • v3.0)
jquery (Vendor: jquery • v1.9.0)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.7.2.0)
jquery (Vendor: jquery • v3.4.0)
jquery (Vendor: jquery • v1.2)
jquery (Vendor: jquery • v1.2.6)
drupal (Vendor: drupal • v7.9)
hospitality_materials_control (Vendor: oracle • v18.1)
drupal (Vendor: drupal • v7.62)
max_data (Vendor: netapp • v-)
drupal (Vendor: drupal • v8.8.0)
drupal (Vendor: drupal • v7.5)
drupal (Vendor: drupal • v7.3)
jquery (Vendor: jquery • v1.12.3)
jquery (Vendor: jquery • v1.12.2)
drupal (Vendor: drupal • v7.32)
leap (Vendor: opensuse • v15.2)
drupal (Vendor: drupal • v7.24)
jquery (Vendor: jquery • v1.8.0)
drupal (Vendor: drupal • v7.41)
financial_services_hedge_management_and_ifrs_valuations (Vendor: oracle • v8.0.6)
jquery (Vendor: jquery • v1.2.2)
drupal (Vendor: drupal • v7.42)
drupal (Vendor: drupal • v7.4)
oncommand_system_manager (Vendor: netapp • v3.0.0)
banking_digital_experience (Vendor: oracle • v18.1)
retail_back_office (Vendor: oracle • v14.1)
jquery (Vendor: jquery • v1.9.1)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.7.9.0)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.8.6)
jquery (Vendor: jquery • v2.2.0)
drupal (Vendor: drupal • v8.7.3)
jquery (Vendor: jquery • v3.2.1)
financial_services_data_governance_for_us_regulatory_reporting (Vendor: oracle • v8.0.6)
jquery (Vendor: jquery • v1.10.2)
drupal (Vendor: drupal • v7.11)
financial_services_institutional_performance_analytics (Vendor: oracle • v8.0.7)
jquery (Vendor: jquery • v1.11.3)
jquery (Vendor: jquery • v2.2.4)
jquery (Vendor: jquery • v1.4.0)
financial_services_data_integration_hub (Vendor: oracle • v8.0.6)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.3)
drupal (Vendor: drupal • v7.0)
jquery (Vendor: jquery • v2.1.2)
fedora (Vendor: fedoraproject • v31)
financial_services_funds_transfer_pricing (Vendor: oracle • v8.1.0)
log_correlation_engine (Vendor: tenable • v6.0.8)
jquery (Vendor: jquery • v1.7.1)
jquery (Vendor: jquery • v1.8.2)
jquery (Vendor: jquery • v1.7.0)
financial_services_profitability_management (Vendor: oracle • v8.0.7)
jquery (Vendor: jquery • v2.1.1)
drupal (Vendor: drupal • v7.21)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.7)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.1)
financial_services_institutional_performance_analytics (Vendor: oracle • v8.0.6)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.9)
jdeveloper (Vendor: oracle • v12.2.1.4.0)
drupal (Vendor: drupal • v7.27)
jquery (Vendor: jquery • v1.3.1)
financial_services_regulatory_reporting_for_us_federal_reserve (Vendor: oracle • v8.0.6)
policy_automation (Vendor: oracle • v12.2.15)
peoplesoft_enterprise_peopletools (Vendor: oracle • v8.57)
drupal (Vendor: drupal • v7.58)
financial_services_liquidity_risk_management (Vendor: oracle • v8.0.6)
policy_automation (Vendor: oracle • v12.2.20)
drupal (Vendor: drupal • v7.50)
communications_eagle_application_processor (Vendor: oracle • v16.2.0)
jquery (Vendor: jquery • v2.2.3)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.4)
insurance_accounting_analyzer (Vendor: oracle • v8.0.9)
banking_digital_experience (Vendor: oracle • v18.2)
jquery (Vendor: jquery • v2.1.4)
insurance_data_foundation (Vendor: oracle • v8.0.6-8.1.0)
drupal (Vendor: drupal • v7.44)
communications_billing_and_revenue_management (Vendor: oracle • v7.5.0.23.0)
jquery (Vendor: jquery • v1.2.1)
snap_creator_framework (Vendor: netapp • v-)
drupal (Vendor: drupal • v8.8.5)
jquery (Vendor: jquery • v3.0.0)
policy_automation (Vendor: oracle • v12.2.7)
drupal (Vendor: drupal • v7.69)
jquery (Vendor: jquery • v1.3)
financial_services_market_risk_measurement_and_management (Vendor: oracle • v8.0.6)
financial_services_basel_regulatory_capital_basic (Vendor: oracle • v8.0.6)
jquery (Vendor: jquery • v1.2.4)
jquery (Vendor: jquery • v2.1.0)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.7.0.0)
drupal (Vendor: drupal • v7.51)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.8)
hospitality_simphony (Vendor: oracle • v19.1.2)
policy_automation (Vendor: oracle • v12.2.1)
snapcenter (Vendor: netapp • v-)
financial_services_loan_loss_forecasting_and_provisioning (Vendor: oracle • v8.0.7)
h700s_firmware (Vendor: netapp • v-)
insurance_data_foundation (Vendor: oracle • v8.1.0)
jquery (Vendor: jquery • v3.3.1)
financial_services_hedge_management_and_ifrs_valuations (Vendor: oracle • v8.0.8)
drupal (Vendor: drupal • v7.23)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.6)
jquery (Vendor: jquery • v1.5.0)
jquery (Vendor: jquery • v2.0.1)
drupal (Vendor: drupal • v7.35)
log_correlation_engine (Vendor: tenable • v4.8.0)
drupal (Vendor: drupal • v8.8.1)
banking_digital_experience (Vendor: oracle • v19.2)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.7.1.0)
drupal (Vendor: drupal • v7.57)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.7)
policy_automation (Vendor: oracle • v12.2.2)
communications_services_gatekeeper (Vendor: oracle • v7.0)
financial_services_price_creation_and_discovery (Vendor: oracle • v8.0.6)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.20)
drupal (Vendor: drupal • v7.56)
drupal (Vendor: drupal • v7.8)
insurance_insbridge_rating_and_underwriting (Vendor: oracle • v5.2)
financial_services_data_foundation (Vendor: oracle • v8.0.9)
peoplesoft_enterprise_peopletools (Vendor: oracle • v8.58)
enterprise_session_border_controller (Vendor: oracle • v8.4)
insurance_insbridge_rating_and_underwriting (Vendor: oracle • v5.6.1.0)
drupal (Vendor: drupal • v7.43)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.6.0.1)
financial_services_asset_liability_management (Vendor: oracle • v8.0.6)
jquery (Vendor: jquery • v2.0.0)
application_testing_suite (Vendor: oracle • v13.3.0.1)
policy_automation (Vendor: oracle • v12.2.12)
banking_digital_experience (Vendor: oracle • v20.1)
financial_services_profitability_management (Vendor: oracle • v8.0.6)
drupal (Vendor: drupal • v7.7)
financial_services_balance_sheet_planning (Vendor: oracle • v8.0.8)
drupal (Vendor: drupal • v7.36)
oncommand_system_manager (Vendor: netapp • v3.1.1)
communications_webrtc_session_controller (Vendor: oracle • v7.2)
healthcare_foundation (Vendor: oracle • v7.1.1)
policy_automation (Vendor: oracle • v12.2.8)
policy_automation (Vendor: oracle • v12.2.3)
drupal (Vendor: drupal • v7.10)
policy_automation (Vendor: oracle • v12.2.13)
financial_services_data_foundation (Vendor: oracle • v8.0.6)
financial_services_data_foundation (Vendor: oracle • v8.1.0)
h500e_firmware (Vendor: netapp • v-)
drupal (Vendor: drupal • v7.33)
drupal (Vendor: drupal • v7.52)
jquery (Vendor: jquery • v1.8.3)
jquery (Vendor: jquery • v1.4)
drupal (Vendor: drupal • v7.2)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.8)
drupal (Vendor: drupal • v7.39)
jquery (Vendor: jquery • v1.6.3)
financial_services_price_creation_and_discovery (Vendor: oracle • v8.0.7)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.6)
h500s_firmware (Vendor: netapp • v-)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.8.0.0)
financial_services_regulatory_reporting_for_european_banking_authority (Vendor: oracle • v8.1.0)
h410s_firmware (Vendor: netapp • v-)
weblogic_server (Vendor: oracle • v10.3.6.0.0)
jquery (Vendor: jquery • v1.8.1)
financial_services_data_integration_hub (Vendor: oracle • v8.1.0)
hospitality_simphony (Vendor: oracle • v18.2)
drupal (Vendor: drupal • v7.29)
policy_automation (Vendor: oracle • v12.2.6)
communications_application_session_controller (Vendor: oracle • v3.8m0)
drupal (Vendor: drupal • v7.54)
policy_automation_connector_for_siebel (Vendor: oracle • v10.4.6)
financial_services_profitability_management (Vendor: oracle • v8.1.0)
drupal (Vendor: drupal • v7.61)
financial_services_funds_transfer_pricing (Vendor: oracle • v8.0.6)
insurance_allocation_manager_for_enterprise_profitability (Vendor: oracle • v8.1.0)
insurance_allocation_manager_for_enterprise_profitability (Vendor: oracle • v8.0.8)
oncommand_system_manager (Vendor: netapp • v3.1.2)
jquery (Vendor: jquery • v1.6.4)
drupal (Vendor: drupal • v7.68)
drupal (Vendor: drupal • v7.15)
drupal (Vendor: drupal • v7.59)
financial_services_loan_loss_forecasting_and_provisioning (Vendor: oracle • v8.0.6)
financial_services_basel_regulatory_capital_internal_ratings_based_approach (Vendor: oracle • v8.1.0)
leap (Vendor: opensuse • v15.1)
policy_automation (Vendor: oracle • v12.2.0)
drupal (Vendor: drupal • v8.8.3)
enterprise_manager_ops_center (Vendor: oracle • v12.4.0.0)
jquery (Vendor: jquery • v3.0.5)
jquery (Vendor: jquery • v1.11.1)
financial_services_liquidity_risk_measurement_and_management (Vendor: oracle • v8.0.7)
hospitality_simphony (Vendor: oracle • v18.1)
communications_billing_and_revenue_management (Vendor: oracle • v12.0.0.3.0)
financial_services_basel_regulatory_capital_basic (Vendor: oracle • v8.1.0)
fedora (Vendor: fedoraproject • v33)
drupal (Vendor: drupal • v7.65)
siebel_ui_framework (Vendor: oracle • v20.8)
retail_returns_management (Vendor: oracle • v14.0)
jquery (Vendor: jquery • v1.7.2)
jquery (Vendor: jquery • v1.6.0)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.1.0.0.0)
drupal (Vendor: drupal • v7.22)
financial_services_liquidity_risk_measurement_and_management (Vendor: oracle • v8.1.0)
drupal (Vendor: drupal • v8.7.6)
healthcare_foundation (Vendor: oracle • v7.2.1)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.0)
h300e_firmware (Vendor: netapp • v-)
drupal (Vendor: drupal • v7.25)
oncommand_system_manager (Vendor: netapp • v3.1.3)
drupal (Vendor: drupal • v8.7.12)
jquery (Vendor: jquery • v1.5.1)
drupal (Vendor: drupal • v7.34)
drupal (Vendor: drupal • v8.7.4)
log_correlation_engine (Vendor: tenable • v4.8.1)
debian_linux (Vendor: debian • v9.0)
jquery (Vendor: jquery • v3.1.0)
drupal (Vendor: drupal • v7.28)
drupal (Vendor: drupal • v7.16)
drupal (Vendor: drupal • v8.7.11)
drupal (Vendor: drupal • v7.1)
financial_services_regulatory_reporting_for_european_banking_authority (Vendor: oracle • v8.0.6)
jquery (Vendor: jquery • v3.4.1)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.6.3.0)
financial_services_market_risk_measurement_and_management (Vendor: oracle • v8.0.8)
insurance_insbridge_rating_and_underwriting (Vendor: oracle • v5.4)
h300s_firmware (Vendor: netapp • v-)
insurance_data_foundation (Vendor: oracle • v8.0.6)
oncommand_insight (Vendor: netapp • v-)
financial_services_basel_regulatory_capital_basic (Vendor: oracle • v8.0.8)
financial_services_regulatory_reporting_for_us_federal_reserve (Vendor: oracle • v8.0.9)
jquery (Vendor: jquery • v1.4.2)
jquery (Vendor: jquery • v1.4.4)
policy_automation (Vendor: oracle • v12.2.4)
policy_automation (Vendor: oracle • v12.2.9)
h410c_firmware (Vendor: netapp • v-)
weblogic_server (Vendor: oracle • v12.2.1.4.0)
peoplesoft_enterprise_peopletools (Vendor: oracle • v8.56)
financial_services_analytical_applications_reconciliation_framework (Vendor: oracle • v8.0.6)
drupal (Vendor: drupal • v8.7.2)
drupal (Vendor: drupal • v7.63)
financial_services_loan_loss_forecasting_and_provisioning (Vendor: oracle • v8.1.0)
jquery (Vendor: jquery • v2.0.2)
jdeveloper (Vendor: oracle • v12.2.1.3.0)
weblogic_server (Vendor: oracle • v14.1.1.0.0)
policy_automation (Vendor: oracle • v12.2.14)
jquery (Vendor: jquery • v2.2.2)
financial_services_analytical_applications_reconciliation_framework (Vendor: oracle • v8.1.0)
drupal (Vendor: drupal • v7.30)
drupal (Vendor: drupal • v8.8.4)
retail_returns_management (Vendor: oracle • v14.1)
drupal (Vendor: drupal • v7.13)
drupal (Vendor: drupal • v8.7.9)
drupal (Vendor: drupal • v8.7.10)
drupal (Vendor: drupal • v7.14)
financial_services_data_integration_hub (Vendor: oracle • v8.0.7)
drupal (Vendor: drupal • v7.31)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.8.5)
jquery (Vendor: jquery • v1.3.0)
insurance_insbridge_rating_and_underwriting (Vendor: oracle • v5.2.0)
fedora (Vendor: fedoraproject • v32)
drupal (Vendor: drupal • v7.37)
jquery (Vendor: jquery • v3.1.1)
drupal (Vendor: drupal • v7.17)
drupal (Vendor: drupal • v7.19)
retail_back_office (Vendor: oracle • v14.0)
drupal (Vendor: drupal • v7.64)
drupal (Vendor: drupal • v8.7.13)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.5)
jquery (Vendor: jquery • v1.5.2)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.6.1.0)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.7.8)
communications_eagle_application_processor (Vendor: oracle • v16.4.0)
jquery (Vendor: jquery • v1.10.0)
financial_services_asset_liability_management (Vendor: oracle • v8.0.7)
insurance_insbridge_rating_and_underwriting (Vendor: oracle • v5.5)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.2)
drupal (Vendor: drupal • v7.12)
healthcare_foundation (Vendor: oracle • v7.2.0)
jquery (Vendor: jquery • v3.2.0)
banking_digital_experience (Vendor: oracle • v19.1)
jquery (Vendor: jquery • v1.6)
insurance_insbridge_rating_and_underwriting (Vendor: oracle • v5.0.0.0)
financial_services_hedge_management_and_ifrs_valuations (Vendor: oracle • v8.0.7)
drupal (Vendor: drupal • v8.7.7)
jquery (Vendor: jquery • v1.6.1)
agile_product_supplier_collaboration_for_process (Vendor: oracle • v6.2.0.0)
jquery (Vendor: jquery • v2.0.3)
drupal (Vendor: drupal • v8.7.1)
jquery (Vendor: jquery • v1.4.3)
financial_services_hedge_management_and_ifrs_valuations (Vendor: oracle • v8.1.0)
hospitality_simphony (Vendor: oracle • v19.1.0-19.1.2)
drupal (Vendor: drupal • v7.55)
weblogic_server (Vendor: oracle • v12.1.3.0.0)
drupal (Vendor: drupal • v7.67)
drupal (Vendor: drupal • v7.20)
drupal (Vendor: drupal • v7.18)
agile_product_lifecycle_management_for_process (Vendor: oracle • v6.2.0.0)
jquery (Vendor: jquery • v1.11.2)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.9.0.0)
jquery (Vendor: jquery • v1.6.2)
h700e_firmware (Vendor: netapp • v-)
drupal (Vendor: drupal • v7.40)
financial_services_funds_transfer_pricing (Vendor: oracle • v8.0.7)
policy_automation (Vendor: oracle • v12.2.5)
financial_services_liquidity_risk_measurement_and_management (Vendor: oracle • v8.0.8)
jquery (Vendor: jquery • v1.12.1)
jquery (Vendor: jquery • v1.3.2)
drupal (Vendor: drupal • v8.7.5)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.9)
financial_services_basel_regulatory_capital_internal_ratings_based_approach (Vendor: oracle • v8.0.8)
jquery (Vendor: jquery • v1.2.5)
financial_services_regulatory_reporting_for_european_banking_authority (Vendor: oracle • v8.0.7)
financial_services_asset_liability_management (Vendor: oracle • v8.1.0)
jquery (Vendor: jquery • v2.2.1)
insurance_insbridge_rating_and_underwriting (Vendor: oracle • v5.6.0.0)
drupal (Vendor: drupal • v8.8.2)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.6.4.0)
oncommand_system_manager (Vendor: netapp • v3.1)
healthcare_foundation (Vendor: oracle • v7.3.0)
storagetek_acsls (Vendor: oracle • v8.5.1)
policy_automation_for_mobile_devices (Vendor: oracle • v12.2.10)
drupal (Vendor: drupal • v7.66)
jdeveloper (Vendor: oracle • v11.1.1.9.0)
drupal (Vendor: drupal • v8.7.8)
financial_services_analytical_applications_reconciliation_framework (Vendor: oracle • v8.0.8)
weblogic_server (Vendor: oracle • v12.2.1.3.0)
jquery (Vendor: jquery • v1.11.0)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.8.7.0)
drupal (Vendor: drupal • v7.60)
banking_digital_experience (Vendor: oracle • v18.3)
financial_services_analytical_applications_infrastructure (Vendor: oracle • v8.0.6.2.0)
financial_services_data_governance_for_us_regulatory_reporting (Vendor: oracle • v8.0.8)
jquery (Vendor: jquery • v1.10.1)
drupal (Vendor: drupal • v7.6)

Timeline

Publication: 29 Apr 2020
Modification: 13 Apr 2026

Impact Statistics

Key Metrics

CVSS Score: 6.9 MEDIUM
Products Affected: 348
Public Exploit Available

Remediation Protocol

Recommended Solution

No automatic solution found. Check vendor references.
Patch Library
No direct patch listed in database.
Recommended Actions for Administrators

Immediate Action Plan

1. Inventory

Identify all affected systems in your infrastructure.

2. Assessment

Assess exposure and criticality for your organization.

3. Mitigation

Apply patches or available workarounds.

4. Verification

Test and confirm effectiveness of applied measures.